Zero Day Initiative Advisory 11-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Access Point process (ZfHIPCnd.exe) which listens by default on TCP port 2400. The problem occurs due to the application copying arbitrary sized data from a packet into a statically sized buffer. Due to the application not accommodating for the variable sized data during initialization of this buffer a buffer overflow will occur. This can lead to code execution under the context of the application.
646c3c9ee7e6a2694f8a45540159142ec7e8ea2d273c445e829eb3daf2f0ac07Secunia Security Advisory - Red Hat has issued an update for webkitgtk. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain access restrictions, conduct spoofing attacks, cause a DoS (Denial of Service), potentially disclose sensitive information, and potentially compromise a user's system.
91022508e1e53838480cb243ae73ca0df5935a43b60599218a28d1c0d618f239Ubuntu Security Notice 1051-1 - Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code.
a1b87dab348d4d4025c5919e596b01e599a2e532f2995aad0fa3ab38a3d2cd01Secunia Security Advisory - A vulnerability has been discovered in MuPDF, which potentially can be exploited by malicious people to compromise a user's system.
ffc1789730b0a2cd84ad1b666f02d42806c736b38a1951a261052f2abbe232c4Secunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.
af5c4f0a2f855e1797390509a0debcbfc44211762650ee4e7372ea7165d86609Secunia Security Advisory - A vulnerability has been discovered in SumatraPDF, which potentially can be exploited by malicious people to compromise a user's system.
3947506974d3b3737c7e201b99d9ab6b5d5454089a9e5092db30a11c6aa574e9Secunia Security Advisory - A vulnerability has been reported in the Media [DAM] extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
caf7785a688efa96af51b0db8ef4df60a56bf4ea53142eee1c5bd78aa61374ddSecunia Security Advisory - A vulnerability has been reported in RSA Data Protection Manager, which can be exploited by malicious users to conduct SQL injection attacks.
e32b410b307980bc4290d9c35ed512e7bd1e3bfc0699234fac01719c46d5d8c7Secunia Security Advisory - A vulnerability with unknown impact has been reported in Mosets Tree component for Joomla!.
ee120417f7d3468c976490565fe464859f20d4dbb6381d2cd9d1a0c46c574a1fSecunia Security Advisory - A vulnerability has been discovered in the Audio plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
87cf441a87cfbb1709329d9fd06ad1ab248088c668f4764b9a5e0acb860cb0fcSecunia Security Advisory - A vulnerability has been discovered in the BezahlCode-Generator plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
03948323d4bb75e052b405e67c18cb1e95134dd771fdf5386dfe36f220a59a92Secunia Security Advisory - A vulnerability has been discovered in RSS Feed Reader for WordPress plugin, which can be exploited by malicious people to conduct cross-site scripting attacks.
3b78d0861707c887c377226acd745dcc1f9700ba80503ea311f0cb37a098c31dSecunia Security Advisory - A vulnerability has been discovered in Look 'n' Stop Firewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
f83c882e4b89edbe37d4cbe74f32999d06a86ac4862e79c447b90643a267c367Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in the FCChat Widget plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
843ce4a7101dbab768628a9f17a62408e1d42743fd6575e3bf86fed156db781bSecunia Security Advisory - Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct HTTP response splitting attacks, cross-site request forgery attacks, and bypass certain security restrictions. 1) An unspecified error related to insufficiently random numbers can be exploited to gain access to a user's account.
5c6f6876a5bbe4064d7aa1959450da1cf07a4332da6c07ef914d556d735d6bf9Secunia Security Advisory - Dmitry Chastuhin has reported multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.
11ab326efa92e8779d89217c612bd6edc729c6d6581fcca920949792d69e83c3Secunia Security Advisory - A vulnerability has been reported in Progress OpenEdge, which can be exploited by malicious people to bypass certain security restrictions.
170f82b059d054ca459f9d60ae4073e0db8501c0ba71a62f356abe98d694d8e7Zero Day Initiative Advisory 11-025 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When the code encounters a REQUEST-STATUS variable it allocates up to 0xFFFF bytes for the variable's value. It then proceeds to copy the value into the fixed-length buffer without checking if it will fit. By specifying a large enough string in the e-mail, an attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
191f4ea4886e15f46822744f040abd9d0dec4d3828a80db4fb7a3e1fb0331d92It has been identified that OpenVAS Manager is vulnerable to command injection due to insufficient validation of user supplied data when processing OMP requests. It has been identified that this vulnerability allows privilege escalation within the OpenVAS Manager but more complex injection may allow arbitrary code to be executed with the privileges of the OpenVAS Manager on vulnerable systems.
465e38dd18df584bf3d5f7eda261e4615381784ac40a6d293ea96a4cc69f27a3HP Security Bulletin HPSBMA02624 SSRT100195 2 - A potential vulnerability has been identified with HP LoadRunner and HP Performance Center. The vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
0ae85c56d3d2c3beefa5625a23d8aae8de8e99fbfd15ff6ec394d62fa013d7afSyslog-NG versions 2.0, 3.0, 3.1, 3.2 OSE and PE suffer from information leak, access prevention and possible privilege escalation vulnerabilities.
182c2c5d9650fa3c22f1331dab15f9344255b47637a2dceca52b21aed476a527Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.
29926d9586641116eb339bef4f9eb33eae55dfcd24cd7eb87a02a1fbbd8d02b7Progress OpenEdge Enterprise RDBMS version 10.2A has some vulnerabilities that make it possible to enumerate UserID and bypass authentication.
94f3ea7ac21edb9e58b5237ff7c2a7826e37b408dbacdbff22fb5468c6bdec38Pligg CMS version 1.1.3 suffers from a path disclosure vulnerability.
6b984ea8f5f5ae5f4016ca41219b784091c63f58ec6723c026db2e3fc3167876The author of this file claims that naming a directory with a .asp extension on IIS 6 will causing all files inside of it to be executed as such.
7d3a817a22ee42fe51d188e334502eb335489a020414bfe1d8e9ebcb14d8ed1f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed